Amavisd missing spam headers
Filip Bartmann
filbar at centrum.cz
Wed Nov 22 20:22:27 CET 2017
I use amavisd on on my CentOS 7 server, but I have problem with missing
spam headers in messages. Next is my config file. What I have wrong?
---------------------------------------------------------------------------------
@bypass_virus_checks_maps = (1); # controls running of anti-virus code
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
$bypass_decode_parts = 1; # controls running of
decoders&dearchivers
$max_servers = 1; # num of pre-forked children (2..30 is
common), -m $daemon_user = 'amavis'; # (no default; customary:
vscan or amavis), -u $daemon_group = 'amavis'; # (no default;
customary: vscan or amavis), -g
$mydomain = 'filbar.name'; # a convenient default for other settings
$MYHOME = '/var/spool/amavisd'; # a convenient default for other
settings, -H $TEMPBASE = "$MYHOME/tmp"; # working directory, needs to
exist, -T $ENV{TMPDIR} = $TEMPBASE; # environment variable TMPDIR,
used by SA, etc. $QUARANTINEDIR = undef; # -Q
# $quarantine_subdir_levels = 1; # add level of subdirs to disperse
quarantine # $release_format = 'resend'; # 'attach', 'plain',
'resend' # $report_format = 'arf'; # 'attach', 'plain',
'resend', 'arf'
# $daemon_chroot_dir = $MYHOME; # chroot directory or undef, -R
$db_home = "$MYHOME/db"; # dir for bdb nanny/cache/snmp
databases, -D # $helpers_home = "$MYHOME/var"; # working directory for
SpamAssassin, -S $lock_file = "/var/run/amavisd/amavisd.lock"; # -L
$pid_file = "/var/run/amavisd/amavisd.pid"; # -P
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually
$log_level = 0; # verbosity 0..5, -d
$log_recip_templ = undef; # disable by-recipient level-0 log entries
$do_syslog = 1; # log via syslogd (preferred)
$syslog_facility = 'mail'; # Syslog facility as a string
# e.g.: mail, daemon, user, local0, ... local7
$enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and
nanny) # $enable_zmq = 1; # enable use of ZeroMQ (SNMP and
nanny) $nanny_details_level = 2; # nanny verbosity: 1: traditional,
2: detailed $enable_dkim_verification = 1; # enable DKIM signatures
verification $enable_dkim_signing = 1; # load DKIM signing code,
keys defined by dkim_key
@local_domains_maps = qw( . );
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );
$unix_socketname = "/var/run/amavisd/amavisd.sock"; # amavisd-release
or amavis-milter # option(s) -p overrides $inet_socket_port and
$unix_socketname
$inet_socket_port = 10024; # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026]; # listen on multiple TCP ports
$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
originating => 1, # is true in MYNETS by default, but let's make it
explicit os_fingerprint_method => undef, # don't query p0f for
internal clients };
# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for
filtering $interface_policy{'10026'} = 'ORIGINATING';
$policy_bank{'ORIGINATING'} = { # mail supposedly originating from our
users originating => 1, # declare that mail was submitted by our smtp
client allow_disclaimers => 1, # enables disclaimer insertion if
available # notify administrator of locally originating malware
virus_admin_maps => ["virusalert\@$mydomain"],
spam_admin_maps => ["virusalert\@$mydomain"],
warnbadhsender => 1,
# forward to a smtpd service providing DKIM signing service
forward_method => 'smtp:[127.0.0.1]:10027',
# force MTA conversion to 7-bit (e.g. before DKIM signing)
smtpd_discard_ehlo_keywords => ['8BITMIME'],
bypass_banned_checks_maps => [1], # allow sending any file names and
types terminate_dsn_on_notify_success => 0, # don't remove
NOTIFY=SUCCESS option };
$interface_policy{'SOCK'} = 'AM.PDP-SOCK'; # only applies with
$unix_socketname
# Use with amavis-release over a socket or with Petr Rehor's
amavis-milter.c # (with amavis-milter.c from this package or old
amavis.c client use 'AM.CL'): $policy_bank{'AM.PDP-SOCK'} = {
protocol => 'AM.PDP',
auth_required_release => 0, # do not require secret_id for
amavisd-release };
$sa_tag_level_deflt = -999; # add spam info headers if at, or above
that level $sa_tag2_level_deflt = 8.0; # add 'spam detected' headers
at that level $sa_kill_level_deflt = 9.31; # triggers spam evasive
actions (e.g. blocks mail) $sa_dsn_cutoff_level = 10; # spam level
beyond which a DSN is not sent $sa_crediblefrom_dsn_cutoff_level = 18;
# likewise, but for a likely valid From # $sa_quarantine_cutoff_level =
25; # spam level beyond which quarantine is off $penpals_bonus_score =
8; # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on
hi spam $bounce_killer_score = 100; # spam score points to add for
joe-jobbed bounces
$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail
is larger $sa_local_tests_only = 0; # only tests which do not
require internet access?
$virus_admin = undef; # notifications
recip.
$mailfrom_notify_admin = undef; # notifications
sender $mailfrom_notify_recip = undef; #
notifications sender $mailfrom_notify_spamadmin =
undef; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender
if undef
@addr_extension_virus_maps = ('virus');
@addr_extension_banned_maps = ('banned');
@addr_extension_spam_maps = ('spam');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+'; # undef disables address extensions
altogether # when enabling addr extensions do also Postfix/main.cf:
recipient_delimiter=+
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';
$MAXLEVELS = 14;
$MAXFILES = 3000;
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not
enforced) $MAX_EXPANSION_QUOTA = 500*1024*1024; # bytes (default
undef, not enforced)
$sa_spam_subject_tag = '***Spam*** ';
$defang_virus = 1; # MIME-wrap passed infected mail
$defang_banned = 1; # MIME-wrap passed mail containing banned name
# for defanging bad headers only turn on certain minor contents
categories: $defang_by_ccat{CC_BADH.",3"} = 1; # NUL or CR character
in header $defang_by_ccat{CC_BADH.",5"} = 1; # header line longer than
998 characters $defang_by_ccat{CC_BADH.",6"} = 1; # header field
syntax error
# OTHER MORE COMMON SETTINGS (defaults may suffice):
# $myhostname = 'host.example.com'; # must be a fully-qualified domain
name!
#$notify_method = 'smtp:[127.0.0.1]:10028';
#$forward_method = 'smtp:[127.0.0.1]:10028'; # set to undef with
milter!
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD; #!!! D_DISCARD / D_REJECT
$final_bad_header_destiny = D_BOUNCE;
# $bad_header_quarantine_method = undef;
# $os_fingerprint_method = 'p0f:*:2345'; # to query p0f-analyzer.pl
## hierarchy by which a final setting is chosen:
## policy bank (based on port or IP address) -> *_by_ccat
## *_by_ccat (based on mail contents) -> *_maps
## *_maps (based on recipient address) -> final configuration value
# SOME OTHER VARIABLES WORTH CONSIDERING (see amavisd.conf-default for
all)
# $warnbadhsender,
# $warnvirusrecip, $warnbannedrecip, $warnbadhrecip, (or
@warn*recip_maps) #
# @bypass_virus_checks_maps, @bypass_spam_checks_maps,
# @bypass_banned_checks_maps, @bypass_header_checks_maps,
#
# @virus_lovers_maps, @spam_lovers_maps,
# @banned_files_lovers_maps, @bad_header_lovers_maps,
#
# @blacklist_sender_maps, @score_sender_maps,
#
# $clean_quarantine_method, $virus_quarantine_to, $banned_quarantine_to,
# $bad_header_quarantine_to, $spam_quarantine_to,
#
# $defang_bad_header, $defang_undecipherable, $defang_spam
1; # insure a defined return value
More information about the amavis-users
mailing list